Use of https in terminal fails [on hold]
up vote
0
down vote
favorite
Use of http in terminal seems to work fine.
But when I tried the same using https, it fails.
When I try to get the same location with wget. http works but https results in error - ERROR: Can not verify certificate attribute and fails.
There seems to be no problem with proxy, everything is configured properly.
Its not only wget even yum command and all other commands fails with https.
Can someone explain the cause of this?
networking terminal http https
asked Nov 26 at 8:07
Arun Prakash
115
put on hold as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
|
show 3 more comments
up vote
0
down vote
favorite
Use of http in terminal seems to work fine.
But when I tried the same using https, it fails.
When I try to get the same location with wget. http works but https results in error - ERROR: Can not verify certificate attribute and fails.
There seems to be no problem with proxy, everything is configured properly.
Its not only wget even yum command and all other commands fails with https.
Can someone explain the cause of this?
networking terminal http https
asked Nov 26 at 8:07
Arun Prakash
115
put on hold as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
A quick workaround could probably be--no-check-certificate
– Panki
Nov 26 at 10:03
@Peschke I have placed the certificate in the certificate store. In centos its/etc/pki/ca-trust/source/anchors/. But still results in error.
– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28
|
show 3 more comments
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Use of http in terminal seems to work fine.
But when I tried the same using https, it fails.
When I try to get the same location with wget. http works but https results in error - ERROR: Can not verify certificate attribute and fails.
There seems to be no problem with proxy, everything is configured properly.
Its not only wget even yum command and all other commands fails with https.
Can someone explain the cause of this?
networking terminal http https
asked Nov 26 at 8:07
Arun Prakash
115
Use of http in terminal seems to work fine.
But when I tried the same using https, it fails.
When I try to get the same location with wget. http works but https results in error - ERROR: Can not verify certificate attribute and fails.
There seems to be no problem with proxy, everything is configured properly.
Its not only wget even yum command and all other commands fails with https.
Can someone explain the cause of this?
networking terminal http https
networking terminal http https
asked Nov 26 at 8:07
Arun Prakash
115
asked Nov 26 at 8:07
Arun Prakash
115
asked Nov 26 at 8:07
Arun Prakash
115
asked Nov 26 at 8:07
Arun Prakash
115
asked Nov 26 at 8:07
Arun Prakash
115
115
put on hold as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
put on hold as unclear what you're asking by Rui F Ribeiro, G-Man, JigglyNaga, RalfFriedl, Jeff Schaller Nov 26 at 20:36
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
A quick workaround could probably be--no-check-certificate
– Panki
Nov 26 at 10:03
@Peschke I have placed the certificate in the certificate store. In centos its/etc/pki/ca-trust/source/anchors/. But still results in error.
– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28
|
show 3 more comments
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
A quick workaround could probably be--no-check-certificate
– Panki
Nov 26 at 10:03
@Peschke I have placed the certificate in the certificate store. In centos its/etc/pki/ca-trust/source/anchors/. But still results in error.
– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
A quick workaround could probably be
--no-check-certificate– Panki
Nov 26 at 10:03
A quick workaround could probably be
--no-check-certificate– Panki
Nov 26 at 10:03
@Peschke I have placed the certificate in the certificate store. In centos its
/etc/pki/ca-trust/source/anchors/ . But still results in error.– Arun Prakash
Nov 26 at 10:28
@Peschke I have placed the certificate in the certificate store. In centos its
/etc/pki/ca-trust/source/anchors/ . But still results in error.– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28
|
show 3 more comments
1 Answer
1
active
oldest
votes
up vote
0
down vote
Yes, you could take @panki(from comment) advice and use the --no-check-certificate option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.
You need to use openssl s_client to discover the certificate’s chain (of example.com website) :
openssl s_client -connect example.com:443 -debug
Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate option.
answered Nov 26 at 10:31
finn
1263
I did put the certificate in/etc/pki/ca-trust/source/anchors/. And ran the commandupdate-ca-trust extractto update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35
Is--no-check-certificateoption working?
– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why thishttpsfails
– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Yes, you could take @panki(from comment) advice and use the --no-check-certificate option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.
You need to use openssl s_client to discover the certificate’s chain (of example.com website) :
openssl s_client -connect example.com:443 -debug
Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate option.
answered Nov 26 at 10:31
finn
1263
I did put the certificate in/etc/pki/ca-trust/source/anchors/. And ran the commandupdate-ca-trust extractto update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35
Is--no-check-certificateoption working?
– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why thishttpsfails
– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
add a comment |
up vote
0
down vote
Yes, you could take @panki(from comment) advice and use the --no-check-certificate option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.
You need to use openssl s_client to discover the certificate’s chain (of example.com website) :
openssl s_client -connect example.com:443 -debug
Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate option.
answered Nov 26 at 10:31
finn
1263
I did put the certificate in/etc/pki/ca-trust/source/anchors/. And ran the commandupdate-ca-trust extractto update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35
Is--no-check-certificateoption working?
– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why thishttpsfails
– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
add a comment |
up vote
0
down vote
up vote
0
down vote
Yes, you could take @panki(from comment) advice and use the --no-check-certificate option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.
You need to use openssl s_client to discover the certificate’s chain (of example.com website) :
openssl s_client -connect example.com:443 -debug
Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate option.
answered Nov 26 at 10:31
finn
1263
Yes, you could take @panki(from comment) advice and use the --no-check-certificate option for wget, but that would be bad. Don’t get accustomed to avoiding errors by suppressing them.
You need to use openssl s_client to discover the certificate’s chain (of example.com website) :
openssl s_client -connect example.com:443 -debug
Once you’ve figured out what the certificate chain looks like, then check your main certificate file, probably named cert.pem. Check to see if the certificates required by the site you’re trying to wget is in your certificate file. If not, you’ll need to acquire them and either append them to your main certificate file, or create a separate file and point to it with your wget command using the --ca-certificate option.
answered Nov 26 at 10:31
finn
1263
answered Nov 26 at 10:31
finn
1263
answered Nov 26 at 10:31
finn
1263
answered Nov 26 at 10:31
finn
1263
1263
I did put the certificate in/etc/pki/ca-trust/source/anchors/. And ran the commandupdate-ca-trust extractto update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35
Is--no-check-certificateoption working?
– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why thishttpsfails
– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
add a comment |
I did put the certificate in/etc/pki/ca-trust/source/anchors/. And ran the commandupdate-ca-trust extractto update the same. But still its not working.
– Arun Prakash
Nov 26 at 10:35
Is--no-check-certificateoption working?
– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why thishttpsfails
– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
I did put the certificate in
/etc/pki/ca-trust/source/anchors/ . And ran the command update-ca-trust extract to update the same. But still its not working.– Arun Prakash
Nov 26 at 10:35
I did put the certificate in
/etc/pki/ca-trust/source/anchors/ . And ran the command update-ca-trust extract to update the same. But still its not working.– Arun Prakash
Nov 26 at 10:35
Is
--no-check-certificate option working?– finn
Nov 26 at 10:38
Is
--no-check-certificate option working?– finn
Nov 26 at 10:38
its working. no problem with that. I want to know why this
https fails– Arun Prakash
Nov 26 at 10:39
its working. no problem with that. I want to know why this
https fails– Arun Prakash
Nov 26 at 10:39
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
which distro you're using? probably fedora
– finn
Nov 26 at 10:41
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
This failure occurs in centos
– Arun Prakash
Nov 26 at 10:43
add a comment |
Can you share the failing command you are executing? The error seems to point to a CA missing in your systems trusted certificate store.
– Peschke
Nov 26 at 8:25
Are you very sure the error does not say "certificate authority"? This is usually 80% server error – the server is supposed to send not only its own certificate, but also intermediate certificates (think re-sellers) up to a small-ish list of trustworthy root authorities, a list of which is managed by your distribution. In the other 20%, the client does not know the root authority the server is using.
– Ulrich Schwarz
Nov 26 at 8:42
A quick workaround could probably be
--no-check-certificate– Panki
Nov 26 at 10:03
@Peschke I have placed the certificate in the certificate store. In centos its
/etc/pki/ca-trust/source/anchors/. But still results in error.– Arun Prakash
Nov 26 at 10:28
@UlrichSchwarz . It seems to work properly for other machines. So there is no problem with server i guess. Can you explain me about the client side error?
– Arun Prakash
Nov 26 at 10:28